RE: Manually Signed Digest as an XML signature type

Joseph:
 
I disagree.  We've defined KeyInfo (in just about every conceivable
form!) to mean "hints" to a verifier about where to find evidence that
he is using the correct key.  There is NO ambiguity here: the result of
interpreting KeyInfo can only be the use of a particular key by the
verifier in a cryptographic operation.  
 
SignatureProperties, on the other hand, are miscellaneous input to some
higher-order verification policy, sent along with a signature by its
producer. 
 
--Barb
 
 
-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
Sent: Monday, June 05, 2000 3:22 PM
To: Barb Fox
Cc: tgindin@us.ibm.com; w3c-ietf-xmldsig@w3.org
Subject: RE: Manually Signed Digest as an XML signature type


At 02:39 PM 6/5/00 -0700, Barb Fox wrote: 
>>>> 


Joseph and Tom: 

Sorry, but I strongly believe that this manually signed digest signature
type is a huge mistake for this working group to even consider. The
focus of the working group and its charter from inception has been
digital signature in the cryptographic context. Adding this
"interpretation" of signature opens to door to all kinds of random
definitions and it seriously dilutes the work we've done so far. 

--Barbara Fox 

<<<< 

Barb, 

Rest assured, this work is out of scope. <smile> However, I'm trying to
use the question to push us to more cleanly define the meaning of
KeyInfo and SignatureProperties, which are rather fuzzy. 


_________________________________________________________ 
Joseph Reagle Jr. 
W3C Policy Analyst mailto:reagle@w3.org 
IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/